Hi dave. our computer is still taken over by nvctrl.exe. Nvctrl.exe shows in processes in “Windows task manager”, and when i select nvctrl.exe i can “end process” or “end process tree”. i selected end process tree and it said that “ending this process could cause system instability” so i cancelled it. Is it alright to end the process tree??
Let me tell you the bad news first. You’ve been infected by a virus called trojan.zlob.E or a variant thereof. The good news, however, is that it’s a pretty mild trojan and all it wants to do is mess with your Microsoft Internet Explorer preferences so it controls your home page, bookmarks, and so on. Annoying, but there are definitely more destructive viruses out there.
One place I turn for information on viruses, trojans, etc, like trojan.zlob.e is Symantec and its information-packed Security Response Center. It’s pretty easy to use: just type in the name of the file that’s mysteriously shown up or has been corrupted and it’ll promptly return any and all matching viruses, trojans, spyware or similar.
Here’s a copy of their search box if you want to try it for yourself:
What’s really useful about the Symantec information pages about viruses (etc) like your nvctrl.exe trojan is that it details exactly what files are added, specifies what modifications are made to registry files, if any, and details what other changes are made to your machine.
Of course, knowing what a trojan or virus does certainly doesn’t mean that you can manually reverse it or undo the damage manually.
Symantec recommends the following removal instructions for this trojan:
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.
5. Reset the Internet Explorer home page.
6. Reset the Internet Explorer search page.
But in fact, it’s pretty darn tough to get all this right. If you’re not already running some strong antivirus software (which would have caught this infection!) you really, really need to get one installed. But before you install one, you need to have a clean uninfected version of the OS. I’m afraid my recommendation to you is to do a good backup of your personal files and reinstall Windows from scratch.
Apply all the system upgrades from Microsoft, then install and update a good antivirus and antispyware application (I recommend Symantec/Norton Antivirus 2006, actually, and Webroot’s Spy Sweeper antispyware application, available at lots of stores online and off).
Run the programs to ensure that everything’s clean, then folder by folder restore your files and personal data.
Then never install or use any applications – or visit any Web sites – without having both these programs running and protecting you.
Good luck to you!
Respected Dave,
I don’t know if there is a virus in my pc or not.Everything runs smooth,except any ANTIVIRUS or virus removal tool like REGRUN is trying to install,it is being corrupt.And pc is not starting in Safemode too.
There is something which corrupts only antivirus files.No any suspected files can be seen,either in taskmanager or in msconfig. Everything is running i:e:regedit, hiddenfolder option, taskmanager, Run option.
Dave please help in this challanging operation.